Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-2708

document operation screen auth not implemented properly

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0, KFS Release 3.0
    • Component/s: Development
    • Labels:
      None
    • Rice Module:
      KEW
    • Application Requirement:
      KFS

      Description

      see linked issue

        Attachments

          Issue Links

            Activity

            Hide
            ewestfal Eric Westfall added a comment -

            peter, for this one we need to check the permissions in the rice database and verify they are set up correctly. Essentially only 'admin' should have access to this screen via a technical administrators role. The specific permission template being used here is the "Use Screen" permission template.

            If that perm is set up correctly we need to verify it's functioning properly by checking that only admin can open that screen.

            If everything checks out ok on the rice side we need to work with the kfs team to see if there is an issue with the permission in their database.

            Show
            ewestfal Eric Westfall added a comment - peter, for this one we need to check the permissions in the rice database and verify they are set up correctly. Essentially only 'admin' should have access to this screen via a technical administrators role. The specific permission template being used here is the "Use Screen" permission template. If that perm is set up correctly we need to verify it's functioning properly by checking that only admin can open that screen. If everything checks out ok on the rice side we need to work with the kfs team to see if there is an issue with the permission in their database.
            Hide
            gilesp Peter Giles (Inactive) added a comment -

            the empty checkAuthorization(...) method in DocumentOperationAction overrode / masked the functioning method in KualiAction.

            Show
            gilesp Peter Giles (Inactive) added a comment - the empty checkAuthorization(...) method in DocumentOperationAction overrode / masked the functioning method in KualiAction.
            Hide
            abyrne Ailish Byrne added a comment -

            can you explain this part...
            "
            struts-config.xml:

            • set contextRelative="true" for exceptionIncidentHandler global forward
              "
              may need to do this in other rice struts files
            Show
            abyrne Ailish Byrne added a comment - can you explain this part... " struts-config.xml: set contextRelative="true" for exceptionIncidentHandler global forward " may need to do this in other rice struts files
            Hide
            ewestfal Eric Westfall added a comment -

            Bulk change of all Rice 1.0 issues to closed after public release.

            Show
            ewestfal Eric Westfall added a comment - Bulk change of all Rice 1.0 issues to closed after public release.

              People

              • Assignee:
                gilesp Peter Giles (Inactive)
                Reporter:
                abyrne Ailish Byrne
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours
                  3h